CIOs considering SDN have a lot to think about. What changes will it bring, what are its use cases and business benefits, and what challenges does it create?

No concept has captured the networking world's imagination in recent years quite as much as software-defined networking. Companies of all stripes, from major names like Cisco to startups like PLUMgrid, are pushing an array of SDN visions. It's an exciting time. But what concrete value can SDN bring to businesses? And how might it transform the data center and the IT department?

In a recent interview with Enterprise Networking Planet, Steve Shah, senior director of product management for the NetScaler Product Group at cloud, virtualization, and networking vendor Citrix, discussed the potential of software defined networking and what CIOs need to know as they transition into the software-defined future. Shah has been in the Application Delivery Controller (ADC) market for fourteen years, and "at the forefront of the transition to virtualized data centers now for about 4 years, since we introduced a virtualized product," he said, giving him a clear view of the revolution happening in the data center.

DevOps demands network virtualization

Like some others in the space, Shah sees the programmability of software-defined networks as tied to the rise of DevOps. To understand the importance of this, he said, one must step back and look at the virtualization story as a whole. Server virtualization attracted businesses looking to gain additional business agility within their data centers. That led to the concept of DevOps, and DevOps offers major benefits to IT.

"As everything becomes software and you can move it from anywhere to anywhere within the data center, you can make the whole process highly programmable. And if you automate those steps, you can transform the way you do IT infrastructure," Shah said. Rather than needing someone to physically pull out, re-rack, and stack hardware on the data center floor, virtualization enables IT departments to simply move virtual infrastructure around as needed from their desks by writing software. But servers aren't the end of the story. In fact, they're only half of the story, according to Shah. Much of the power of DevOps lies in how it enables automation, and to Shah, automation and network virtualization go hand in hand. Without network virtualization, automation cannot do all that it promises.

"If I want to achieve that grand vision of moving infrastructure around within my data center, I quickly realize that while it's great that my virtual machines can move around, if my network, my storage, and all the services I require to make an application work aren't virtualized as well, I can't go and have all of their pieces get automated too," he said. The scripts will eventually hit a wall and require a human to take over in the data center. Automation won't be able to fulfill its potential. But if network infrastructure becomes abstracted, it can achieve the level of programmability required to move to a highly automated, DevOps-oriented model that improves business flexibility and agility.

SDN and regulatory compliance

When asked to provide some use cases for SDN, Shah brought up regulatory compliance, an increasingly important—and complex—issue for many enterprises. Bringing in auditors to evaluate software for PCI compliance is extremely costly, he pointed out. Enterprises might decide to instead purchase equipment that gets them compliant. But to insert that equipment into a data center and integrate it with hundreds or thousands of applications could take hundreds of man-months and as long as a calendar year to complete. "It's a huge project that carries a lot of risks," Shah observed.

In a completely virtualized data center that leverages SDN, the process can be much shorter and easier, not to mention cheaper. "I can write a script that goes to each application and changes its rules to tell it that a service it needs to consume is this device that will provide PCI compliance. The rules of the network stitch in that compliance piece, and we can do that in a couple of days, test it, and roll it out in the course of two weeks, with a single software engineer driving most of the functionality," Shah said. Even if the process actually takes a little longer or requires a few more engineers than the scenario he described, the cost and time savings are still clear.

The same savings hold true for HIPAA compliance. One of HIPAA's requirements, Shah said, is that all data be encrypted. "So as a business, maybe I have my HR systems that need to gain compliance. I could either get and move pieces of equipment that provide encryption into my network, or I could leverage that programmability, leave my infrastructure where it is, redefine what the virtual network looks like so that encryption equipment is now part of the network that's for the HR software, and have a script reconfigure all those settings to pull in that component and automatically stitch it into the flow of traffic," he said.

Being able to quickly integrate new devices into the network is key. In a physical network, the equipment needs to be placed in close physical proximity to whatever other gear it provides a service to. Cables need to be plugged in; boxes need to be configured. Firewalls and other adjacent infrastructure need to be taken into account and often reconfigured, too. "There are a lot of discrete steps that are all error-prone," Shah said. Scripts, on the other hand, can be worked out and tested as a single process and then applied to the production network in one go.
